Thanks for all replies; now I got more questions:

1. Is PVLAN proprietary to Cisco or are there some other switches that I can afford ;-)
2. If I create VLAN tag for each user on mono, can I make my Captive Portal work with that? So captive portal gets info to which VLAN group to put the user?
3. What is the difference between Static VLANs and Dynamic VLANs?

Thanks!

-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: Sunday, July 15, 2007 3:15 PM
Cc: Monowall Support List
Subject: Re: [m0n0wall] Isolating users with managed switch

On 7/15/07, A dot L dot M dot Buxey at lboro dot ac dot uk <A dot L dot M dot Buxey at lboro dot ac dot uk> wrote:
> Hi,
>
> > I want to isolate users (Block NetBios so comps can't see each other, or use
> > VLANs somehow).
> >
> > I know if I want to do it with regular wired network I need to use managed
> > switch, but I never used them so what function will I need to block net
> > bios? How can I set up vlans to achieve same results? Any particular models
> > for cheap prices?
>
> if you use VLANs you can simply put each user on a different one and
> not allow them to talk at the router. a simpler way is to just use
> a decent switch that has private VLAN or port separation function, e.g.
> Cisco 2950/2960 series which has 'switchport protected' so hosts
> can't see each other directly through the switch...or at all if you
> decide so as the VLAN termination/router.

Yeah that's also what I would recommend, PVLAN if you have Cisco switches or others that support the same. Alternatively, you could create a unique VLAN for every single port, but that'd be a real pain to set up.

http://www.cisco.com/warp/public/473/63.html

"The PVLAN edge (protected port) is a feature that has only local significance to the switch, and there is no isolation provided between two protected ports located on different switches. A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port in the same switch. Therefore, it provides isolation. Traffic cannot be forwarded between protected ports at Layer 2. All traffic passing between protected ports must be forwarded through a Layer 3 device."

-Chris